Bug #52: Migrate ESP sequence number in update_sa - strongSwan

Bug #52

Migrate ESP sequence number in update_sa

Added by Martin Willi over 13 years ago. Updated over 13 years ago.

Status:

Closed

Priority:

High

Assignee:

Tobias Brunner

Category:

charon

Target version:

4.2.4

Start date:

Due date:

Estimated time:

Affected version:

5.9.2

Resolution:

Description

kernel_interface.c:update_sa resets the ESP sequence numbers, which is not interoperable with hosts other than strongSwan. Either use XFRM_MIGRATE (which is not available on all kernels and lacks encapsulation update) or better manually migrate ESP sequence numbers.

History

#1 Updated by Tobias Brunner over 13 years ago

we use XFRM_MSG_GETAE and XFRMA_REPLAY_VAL to manually copy the sequence numbers (this requires a kernel version of at least 2.6.17).

#2 Updated by Tobias Brunner over 13 years ago

Status changed from New to Closed
Affected version set to fixed

fixed in r4104

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

Bug #52

Migrate ESP sequence number in update_sa

History

#1 Updated by Tobias Brunner over 13 years ago

#2 Updated by Tobias Brunner over 13 years ago